Explicit Proxy won't forward ssl
I have an explicit (non-transparent) proxy on my LAN side. The proxy forwards its traffic through an upstream proxy (squid cache_peer).
Client --> squid3/pfsense --> upstream cache --> internet
This setting works fine for http.
Unfortunately, it doesn't work for https.
HTTPS can't connect through the pfsense proxy.
Here's my config:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl home_network src 192.168.1.0/24
acl guest_network src 192.168.0.0/24
#Ports allowed through Squid
acl Safe_ports port 80 #http
acl Safe_ports port 443 #https
acl SSL_ports port 443
acl SSL method CONNECT
acl CONNECT method CONNECT
http_access allow localhost
http_access allow home_network
http_access allow guest_network
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
Does anyone see what's going wrong here?
Just for the record: to make sure your pfsense squid proxy also uses the upstream proxy for SSL connections, you need to add the following line to your configuration:
always_direct deny all
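A note on the access rules in the posted configuration, as an added example that is not part of the original thread: Squid stops at the first http_access line that matches, so the two port-based deny lines are never reached for clients already allowed by network. The sketch below is a small first-match evaluator (it models only src, port and method ACLs; the sample request and the reordered rule set are constructed assumptions) run over the posted lines.

```python
import ipaddress

# acl and http_access lines copied from the configuration posted above.
ACLS = """\
acl localhost src 127.0.0.1/32 ::1
acl home_network src 192.168.1.0/24
acl guest_network src 192.168.0.0/24
acl Safe_ports port 80 #http
acl Safe_ports port 443 #https
acl SSL_ports port 443
acl CONNECT method CONNECT
"""
ALLOWS = "".join(f"http_access allow {n}\n"
                 for n in ("localhost", "home_network", "guest_network"))
PORT_DENIES = "http_access deny !Safe_ports\nhttp_access deny CONNECT !SSL_ports\n"
POSTED = ACLS + ALLOWS + PORT_DENIES + "http_access deny all\n"
# Assumption: a reordered variant with the port checks ahead of the network allows.
REORDERED = ACLS + PORT_DENIES + ALLOWS + "http_access deny all\n"

def parse(conf):
    acls, rules = {"all": ("src", ["0.0.0.0/0", "::/0"])}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()   # drop trailing comments
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    kind, values = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v) for v in values)
    return str(req[kind]) in values        # "port" and "method" ACLs

def decide(conf, req):
    acls, rules = parse(conf)
    for action, terms in rules:            # first matching line wins
        if all(acl_matches(acls, t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action, " ".join(terms)
    return None                            # not reached: both rule sets end in "deny all"

# Constructed request: a LAN client asking for a tunnel to a port outside SSL_ports.
REQ = {"src": "192.168.1.50", "method": "CONNECT", "port": 8443}
if __name__ == "__main__":
    print("posted:   ", decide(POSTED, REQ))
    print("reordered:", decide(REORDERED, REQ))
```

With the posted order the request is allowed by the home_network line; with the port checks first it is denied, while CONNECT to port 443 from the same client is still allowed.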